Let Cybersecurity Dive’s free newsletter keep you informed, straight from your inbox.
The agency’s recommendations are not for the technically inept. Yet the extraordinary measures, including the use of encrypted apps, are applicable to all audiences.
The Cybersecurity and Infrastructure Security Agency advised senior government and political officials to drill deep into their mobile phone settings to protect their communications from interception or manipulation in the wake of a massive compromise of U.S. telecom networks.
The detailed best practices represent CISA’s latest response to Salt Typhoon’s active and deep-rooted intrusion of at least eight U.S. telecom companies. The China-government sponsored threat group already stole a large amount of metadata and compromised private communications of highly targeted individuals, officials said.
CISA’s mobile security recommendations are not for the technically inept, yet the agency says they are applicable to all audiences. The complicated steps are also an acknowledgment that federal authorities don’t have confidence in the structural integrity of telecom networks’ security.
“Until we have secure devices by design, secure software by design, we all have to own our personal security,” Jeff Greene, executive assistant director for cybersecurity at CISA, said during a Wednesday media briefing.
“Going forward, I don’t think we’ll ever be at a point where an individual can ignore their own security,” Greene said. “Just as, you know, we’re walking down the street we need to keep an eye out [for] what’s going on around us.”
The extraordinary measures CISA recommends stress the widespread alarm and worries officials have about the sweeping attacks on U.S. critical infrastructure.
Officials are still scrambling to determine the full extent of damages caused, and worse yet the attackers remain embedded in the networks and could cause significant disruption at a time of their choosing.
CISA’s guidance includes specific recommendations for iOS and Android devices and broadly applicable best practices for mobile communications, including calls to:
“There’s no single solution that will eliminate all risks, but implementing these best practices will significantly enhance the protection of your communications,” Greene said during the briefing. “We urge everyone, but in particular those highly targeted individuals, to review our guidance and apply those that suit their needs.”
Get the free daily newsletter read by industry experts
Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.
Poor configurations and deliberate MFA bypasses were at the center of numerous attacks in recent months, Cisco Talos found.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.
Poor configurations and deliberate MFA bypasses were at the center of numerous attacks in recent months, Cisco Talos found.
The free newsletter covering the top industry headlines